Microsoft says it hasn’t been able to shake Russian state hackers

BOSTON — Microsoft said Friday it is still trying to expel elite Russian government hackers who broke into the email accounts of senior company executives in November and who, it says, have since tried to breach customer networks with stolen credentials.

The hackers from Russia’s foreign intelligence service SVR used data obtained in the breach, which was made public in mid-January, to compromise some source code repositories and internal systems, the software giant said in a blog and regulatory filing.

A company spokesperson would not describe what source code was accessed or what opportunities the hackers gained to further compromise customer and Microsoft systems. Microsoft said Friday that the hackers had stolen "secrets" from email communications between the company and unspecified customers (secrets such as passwords, certificates and authentication keys) and that it was contacting those customers "to assist in taking mitigation measures."

Cloud computing company Hewlett Packard Enterprise announced on January 24 that it, too, was an SVR hacking victim and that it had been notified of the breach two weeks earlier (by whom it would not say), coinciding with Microsoft's discovery that it had been hacked.

"The threat actor's ongoing attack is characterized by sustained, significant deployment of the threat actor's resources, coordination, and focus," Microsoft said Friday, adding that the hackers could use the data obtained "to build a picture of the areas to attack and to improve its ability to do so." Cybersecurity experts said Microsoft's admission that the SVR hack was not yet contained exposes the dangers of heavy government and corporate dependence on the Redmond, Washington-based company's software monoculture, and of the fact that so many of its customers are connected through its global cloud network.

"This has huge implications for national security," said Tom Kellermann of the cybersecurity firm Contrast Security. "The Russians can now use supply chain attacks against Microsoft customers."

Amit Yoran, Tenable’s CEO, also issued a statement, expressing both alarm and dismay. He is among security professionals who consider Microsoft too secretive about its vulnerabilities and the way it handles hacks.

"We should all be outraged that this keeps happening," Yoran said. "These breaches are not unrelated and Microsoft's shady security practices and misleading statements are deliberately obscuring the whole truth."

Microsoft said it has not yet determined whether the incident is likely to have a material impact on its finances. It also said the intrusion’s stubbornness is “a reflection of what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”

The hackers, known as Cozy Bear and tracked by Microsoft as Midnight Blizzard, are the same SVR team behind the 2020 SolarWinds supply-chain compromise.

When it first announced the hack, Microsoft said the SVR unit had broken into the corporate email system and accessed accounts of some senior executives and employees from its cybersecurity and legal teams. The company would not say how many accounts were compromised.

At the time, Microsoft said it was able to remove the hackers’ access to the compromised accounts on or around January 13. But by then they clearly had a foothold.

It said they got in by compromising the credentials of an 'outdated' test account, which Microsoft's January disclosure described as a legacy non-production test tenant account hit by a password-spray attack; the company has not elaborated further on how that account was able to reach corporate mailboxes.

Microsoft's latest revelation comes three months after a new U.S. Securities and Exchange Commission rule took effect that requires publicly traded companies to disclose cybersecurity incidents they determine to be material to their businesses.